6.6 - Logical protection/Digital security Flashcards
Usernames and Passwords
Strong usernames and passwords: less chance of unauthorised users accessing a system.
Password: should contain a mix of uppercase and lowercase letters, punctuation and numbers, be long, and be changed regularly.
Where and why might PHPS need to use usernames and passwords?
Having usernames and passwords protects customers' and staff members' online accounts.
Having a password on their database means that only certain personnel (staff) can access the database and edit or add data.
Having passwords on couriers' handheld devices (smartphones), in the form of a PIN/passcode.
Anti Malware + Anti spyware
What does it do + prevent?
Scans, detects and removes any viruses from the system.
anti spyware:
removes spyware on an infected system so hackers cannot view personal data or monitor users.
organisations should install and regularly update anti virus and anti spyware programs.
How does anti-malware/spyware link to PHPS, and where might they use it?
WHERE?: on devices in workstations
It should be installed on couriers' smartphones, which they use to get delivery lists and to get their routes through the PHPS website.
By implementing it, PHPS will scan for, detect and remove any spyware/viruses found on their devices AND prevent data theft, such as theft of customer addresses and payment information.
Firewall
Prevents unauthorised access to a network by filtering data packets and blocking anything that is identified as harmful to the computer system or network. Can also block specific websites.
Where might PHPS use firewalls and what does this prevent?
PHPS should use it on their WEBSITE OR WEBSERVER to filter data packets and anything else that could be harmful to their website/webserver.
This then prevents unauthorised users from breaching the PHPS website and gaining access to customer information/sensitive information.
Encryption
converting data into an unreadable format so it cannot be understood without a decryption key.
What is encryption at rest?
Data is encrypted while it is being stored on a system or storage drive.
What is encryption in transit?
Securing data as it is being transferred between systems on a network.
How can PHPS use the two different methods of encryption and what does this help them comply with?
Encryption at rest -
PHPS should use this on their customer data, so that the data is encrypted while it is being stored on a system or storage drive.
Encryption in transit - For PHPS, this could be when data is being transmitted while customers are registering or tracking their parcels on the website, or when staff are using document stores (cloud storage).
Comply with:
Together, these encryption methods help PHPS maintain confidentiality, protect customer trust, and comply with data protection laws (e.g., GDPR).
Tiered levels of access
Purpose: grant different types of permission to certain users / only authorised people can access and change certain files.
Different levels of file access:
- No access
- Read only : Allow a user to view but not edit
- Read/write: Allow a user to view and edit
Linking it to PHPS, where might tiered levels of access be used?
- The use of document store/virtual storage area can have access rights set-up e.g. admin and read only of files
- Staff can use folder structures or a shared drive, which can have read/edit access set for certain folders/individuals
- Couriers viewing parcel details, while customers can ACCESS their parcel tracking details.
PREVENTS data from being exposed/read by unauthorised users, helps PHPS maintain confidentiality, & comply with GDPR.
Obfuscation
When data is deliberately changed to be unreadable to humans but still understandable by computers.
Specialist software can be used to obfuscate data and convert it back into a human readable format.
How will PHPS use obfuscation? / what does it prevent
PHPS would use this to protect their sensitive customer information. One example is customer addresses. Instead of displaying the full address to everyone, they should partially obfuscate it, protecting the customer's information and preventing fraud.
Example: Customer addresses when a courier is delivering parcels. Instead of showing “123 London Street, Birmingham, B1 1AA”, it might show “123 L, B” to unauthorised users.
Where else can PHPS use obfuscation?
Customer passwords: Customers can make an online account. When they log in, obfuscation can be used to hide customers' passwords.
Email address: PHPS will email customers with special offers and discount offers. The email could use partial obfuscation to hide the email address in case the email is intercepted.
Customer credit card number when sending billing/invoice documentation: Any billing/invoice documentation sent to the customer will obscure part of the customer credit card number so it would be useless if intercepted by fraudsters
Bank details: Database can use obfuscation on confidential information, such as bank details which may only show the last 3-4 characters.
Delivery codes: The business may use ‘jargon’ or ‘lingo’ in their business processes, e.g. using delivery codes that only staff can understand and use.